Feature Request: Direct Vulnerability Report Links in Security Bot Notifications


Background

The GitLab Security Bot currently posts code reference links when pre-existing vulnerabilities trigger a security policy violation. These links are useful for locating the affected code, but they do not identify the finding itself: users must manually search the vulnerability report to find and action the vulnerability that is actually causing the block.

Problem to solve

  • Pre-existing vulnerabilities are not shown in the merge request view or in the Security Bot notifications, so users have to dig through the vulnerability report to find the vulnerabilities that violate the configured security policies.
  • In projects with many findings, the relevant vulnerabilities are easily buried in the vulnerability report view, which makes them hard to locate.
  • A direct link to the specific vulnerability in the vulnerability report (not only to the code location) would remove this friction and make remediation faster and more reliable.

Proposal

  • Preserve all current functionality (code links remain intact).
  • Add a hyperlink to point users directly to the violation instance in the vulnerability report.
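Until such a link exists, the lookup the proposal describes can be scripted: take the code link from the bot comment, match its file path and line range against the project's vulnerability findings, and build the vulnerability report URL. The following is an added example, not GitLab's own code or part of this issue. It assumes the bot's code link is a blob URL of the form `.../<project path>/-/blob/<ref>/<file>#L<start>[-<end>]` with a commit SHA as `<ref>`, that findings are available in the shape returned by GitLab's vulnerability APIs (id, title, severity, and a location with file, start line and end line), and that a finding's report page lives at `<project URL>/-/security/vulnerabilities/<id>`. The finding records below are constructed for the example.

```python
"""Map a Security Bot code link back to the vulnerability report entry.

Added example, not GitLab's own code. Assumptions (labelled in the lead-in):
  - the bot's code link is .../<project>/-/blob/<sha>/<file>#L<start>[-<end>]
    and <sha> is a commit SHA, so it contains no "/";
  - findings carry id, title, severity, file, start_line, end_line;
  - the report page for a finding is <project URL>/-/security/vulnerabilities/<id>.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse


@dataclass(frozen=True)
class Vulnerability:
    id: int
    title: str
    severity: str
    file: str
    start_line: int
    end_line: int


# Constructed sample findings; real data would come from the vulnerability API.
SAMPLE_VULNS = [
    Vulnerability(101, "SQL injection", "critical", "src/db/query.py", 40, 44),
    Vulnerability(102, "Hardcoded credential", "high", "src/config.py", 12, 12),
    Vulnerability(103, "Use of eval", "medium", "src/db/query.py", 80, 80),
]

# Constructed sample code link as the bot would post it (hypothetical host/project).
SAMPLE_LINK = (
    "https://gitlab.example.com/acme/shop/-/blob/"
    "0123456789abcdef0123456789abcdef01234567/src/db/query.py#L42"
)


def parse_code_link(url: str) -> Tuple[str, str, Optional[int], Optional[int]]:
    """Return (project_path, file_path, start_line, end_line) from a blob link.

    start/end are None when the link carries no #L fragment.
    """
    parsed = urlparse(url)
    parts = parsed.path.split("/-/blob/", 1)
    if len(parts) != 2:
        raise ValueError(f"not a blob link: {url}")
    project_path = parts[0].strip("/")
    ref_and_file = parts[1].split("/", 1)  # <sha>/<file>; sha has no "/"
    if len(ref_and_file) != 2:
        raise ValueError(f"blob link has no file path: {url}")
    file_path = ref_and_file[1]
    start = end = None
    fragment = parsed.fragment  # "L42" or "L42-45"
    if fragment.startswith("L"):
        numbers = fragment[1:].split("-")
        start = int(numbers[0])
        end = int(numbers[-1])
    return project_path, file_path, start, end


def find_matching(vulns: List[Vulnerability], file_path: str,
                  start: Optional[int], end: Optional[int]) -> List[Vulnerability]:
    """Findings in the same file whose line range overlaps the linked range.

    Without a line range, every finding in the file matches.
    """
    matches = []
    for v in vulns:
        if v.file != file_path:
            continue
        if start is None or (v.start_line <= end and start <= v.end_line):
            matches.append(v)
    return matches


def vulnerability_url(base_url: str, project_path: str, vuln_id: int) -> str:
    """Build the report page URL for one finding."""
    return f"{base_url.rstrip('/')}/{project_path}/-/security/vulnerabilities/{vuln_id}"


def resolve_code_link(code_link: str,
                      vulns: List[Vulnerability]) -> List[Tuple[Vulnerability, str]]:
    """Resolve a bot code link to (finding, report URL) pairs."""
    parsed = urlparse(code_link)
    base_url = f"{parsed.scheme}://{parsed.netloc}"
    project_path, file_path, start, end = parse_code_link(code_link)
    return [(v, vulnerability_url(base_url, project_path, v.id))
            for v in find_matching(vulns, file_path, start, end)]


if __name__ == "__main__":
    for vuln, url in resolve_code_link(SAMPLE_LINK, SAMPLE_VULNS):
        print(f"[{vuln.severity}] {vuln.title} ({vuln.file}:{vuln.start_line}) -> {url}")
```

Line-range overlap rather than exact equality is used on purpose: the bot link usually points at a single line, while a finding's location covers a span, and a link without a fragment should fall back to every finding in that file rather than to nothing.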